How to block the direct web access to important Joomla! files using .htaccess?
Protecting the critical Joomla! files from being accessed directly over the web is an essential aspect of your website’s security.
Add this code to your .htaccess file to protect your Joomla!’s configuration.php file and your .htaccess file from direct access via web:
<FilesMatch “configuration.php”>
Order allow,deny
Deny from all
</FilesMatch>
<Files .htaccess>
order allow,deny
deny from all
</Files>
Modify the .htaccess file of your Joomla! via FTP, SSH and File Manager in Site Tools.